diff --git a/crates/lox-distributor/src/request_handler.rs b/crates/lox-distributor/src/request_handler.rs index 0cca72d..d3a44fa 100644 --- a/crates/lox-distributor/src/request_handler.rs +++ b/crates/lox-distributor/src/request_handler.rs @@ -81,7 +81,7 @@ mod tests { cred::BucketReachability, proto, BridgeAuth, BridgeDb, }; - + use rand::RngCore; use std::sync::{Arc, Mutex}; @@ -103,7 +103,6 @@ mod tests { impl LoxClient for LoxClientMock { fn invite(&self) -> Request { - Request::builder() .method("POST") .uri("http://localhost/invite") @@ -111,7 +110,6 @@ mod tests { .unwrap() } fn reachability(&self) -> Request { - Request::builder() .method("POST") .uri("http://localhost/reachability") @@ -120,7 +118,6 @@ mod tests { } fn pubkeys(&self) -> Request { - Request::builder() .method("POST") .uri("http://localhost/pubkeys") @@ -130,7 +127,7 @@ mod tests { fn openinvite(&self, request: proto::open_invite::Request) -> Request { let req_str = serde_json::to_string(&request).unwrap(); - + Request::builder() .header("Content-Type", "application/json") .method("POST") @@ -141,7 +138,7 @@ mod tests { fn trustpromo(&self, request: proto::trust_promotion::Request) -> Request { let req_str = serde_json::to_string(&request).unwrap(); - + Request::builder() .header("Content-Type", "application/json") .method("POST") @@ -152,7 +149,7 @@ mod tests { fn trustmigration(&self, request: proto::migration::Request) -> Request { let req_str = serde_json::to_string(&request).unwrap(); - + Request::builder() .header("Content-Type", "application/json") .method("POST") @@ -163,7 +160,7 @@ mod tests { fn levelup(&self, request: proto::level_up::Request) -> Request { let req_str = serde_json::to_string(&request).unwrap(); - + Request::builder() .header("Content-Type", "application/json") .method("POST") 
@@ -174,7 +171,7 @@ mod tests { fn issueinvite(&self, request: proto::issue_invite::Request) -> Request { let req_str = serde_json::to_string(&request).unwrap(); - + Request::builder() .header("Content-Type", "application/json") .method("POST") @@ -185,7 +182,7 @@ mod tests { fn redeeminvite(&self, request: proto::redeem_invite::Request) -> Request { let req_str = serde_json::to_string(&request).unwrap(); - + Request::builder() .header("Content-Type", "application/json") .method("POST") @@ -196,7 +193,7 @@ mod tests { fn checkblockage(&self, request: proto::check_blockage::Request) -> Request { let req_str = serde_json::to_string(&request).unwrap(); - + Request::builder() .header("Content-Type", "application/json") .method("POST") @@ -207,7 +204,7 @@ mod tests { fn blockagemigration(&self, request: proto::blockage_migration::Request) -> Request { let req_str = serde_json::to_string(&request).unwrap(); - + Request::builder() .header("Content-Type", "application/json") .method("POST") diff --git a/crates/lox-library/src/bridge_table.rs b/crates/lox-library/src/bridge_table.rs index 6992e79..36efe76 100644 --- a/crates/lox-library/src/bridge_table.rs +++ b/crates/lox-library/src/bridge_table.rs 
@@ -260,11 +260,10 @@ pub struct BridgeTable { pub recycleable_keys: Vec, // We maintain a list of keys that have been blocked (bucket_id: u32), as well as the // time (julian_date: u32) of their blocking so that they can be repurposed with new - // buckets eventually + // buckets after the EXPIRY_DATE pub blocked_keys: Vec<(u32, u32)>, // Similarly, we maintain a list of open entry buckets (bucket_id: u32) and the time they were - // created (julian_date: u32) so they will be listed as expired after some amount of time - // (e.g., 511 days, which is the maximum time an open-invitation credential would still be valid) + // created (julian_date: u32) so they will be listed as expired after the EXPIRY_DATE // TODO: add open entry buckets to the open_inv_keys only once they have been distributed pub open_inv_keys: Vec<(u32, u32)>, /// The date the buckets were last encrypted to make the encbucket. diff --git a/crates/lox-library/src/lib.rs b/crates/lox-library/src/lib.rs index 1758d17..57c092d 100644 --- a/crates/lox-library/src/lib.rs +++ b/crates/lox-library/src/lib.rs @@ -60,6 +60,11 @@ lazy_static! { dalek_constants::RISTRETTO_BASEPOINT_TABLE; } +// EXPIRY_DATE is set to EXPIRY_DATE days for open-entry and blocked buckets in order to match +// the expiry date for Lox credentials. This particular value (EXPIRY_DATE) is chosen because +// values that are 2^k − 1 make range proofs more efficient, but this can be changed to any value +pub const EXPIRY_DATE: u32 = 511; + #[derive(PartialEq, Eq)] pub enum ReplaceSuccess { NotFound = 0, 
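Review bot: The comment added above `pub const EXPIRY_DATE: u32 = 511;` in lib.rs looks like a search-and-replace of `511` went through it: "EXPIRY_DATE is set to EXPIRY_DATE days" and "This particular value (EXPIRY_DATE)" no longer say what the number is or why it was picked. A `///` doc comment that names the value would be clearer and would show up in rustdoc, for example `/// Days after which open-entry and blocked buckets expire: 511 = 2^9 - 1, matching Lox credential validity.` The closing remark that it "can be changed to any value" deserves a caveat. The removed comments in `clean_up_expired_buckets` describe 511 as the maximum validity of a credential in days, so if the credential proofs carry their own bound (not visible in this diff), lowering this constant alone would recycle bucket ids while credentials that reference them are still valid. The constant is a duration rather than a date, so a name such as `EXPIRY_DAYS` would also read better in the bridge_table.rs comments ("after the EXPIRY_DATE").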
@@ -664,12 +669,8 @@ impl BridgeAuth { // This should include buckets that have been blocked for a sufficiently long period // that we no longer want to allow migration to, or else, open-entry buckets that // have been unblocked long enough to become trusted and who's users' credentials - // would have expired (after 511 days) + // would have expired (after EXPIRY_DATE) pub fn clean_up_expired_buckets(&mut self, bdb: &mut BridgeDb) { - // Consider including migration tables and check age of from buckets - // If an open-invitation bucket is more than 511 days old, it should be recycled - // If a blocked bridge is more than 511 (the maximum validity of a credential in days) days old, it should also be recycled - // First check if there are any blocked indexes that are old enough to be replaced self.clean_up_blocked(); // Next do the same for open_invitations buckets @@ -682,14 +683,12 @@ impl BridgeAuth { .bridge_table .blocked_keys .iter() - .any(|&x| x.1 + 511 < self.today()) - //Perhaps 511 should be changed to an earlier time + .any(|&x| x.1 + EXPIRY_DATE < self.today()) { - let blocked_keys_clone = self.bridge_table.blocked_keys.clone(); - // If so, separate them from the fresh blockages - let (expired, fresh): (Vec<(u32, u32)>, Vec<(u32, u32)>) = blocked_keys_clone - .into_iter() - .partition(|&x| x.1 + 511 < self.today()); + // If there are expired blockages, separate them from the fresh blockages + let (expired, fresh): (Vec<(u32, u32)>, Vec<(u32, u32)>) = self.bridge_table.blocked_keys + .iter() + .partition(|&x| x.1 + EXPIRY_DATE < self.today()); for item in expired { let new_item = item.0; // check each single bridge line and ensure none are still marked as reachable. 
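Review bot: In the blocked-keys cleanup (hunk `@@ -682`), the expiry test `x.1 + EXPIRY_DATE < self.today()` is written twice, once in the `.any` guard and once in the `.partition` closure, and each evaluates `self.today()` per element, so the two can disagree if the date changes mid-call. The `u32` addition is also unchecked: a corrupted stored date near `u32::MAX` would panic in a debug build, and in release it would wrap and make the bucket look expired. Hoisting `let today = self.today();` and comparing with `x.1.saturating_add(EXPIRY_DATE) < today` in both places keeps the tests identical and removes the wrap. The same pattern is in the open-invitation hunk (`@@ -729`), where the kept comment `//Perhaps EXPIRY_DATE should be changed to an earlier time` now sits between the condition and its `{`, unlike here where it was dropped. The enclosing function starts and ends outside this hunk.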
@@ -716,6 +715,12 @@ impl BridgeAuth { self.bridge_table.keys.remove(&new_item); //and add them to the recyclable keys self.bridge_table.recycleable_keys.push(new_item); + // Remove the expired blocked bucket from the blockage migration table, + // assuming that anyone that has still not attempted to migrate from their + // blocked bridge after the EXPIRY_DATE probably doesn't still need to migrate. + self.blockage_migration_table + .table + .retain(|&k, _| k != new_item); } // Finally, update the blocked_keys vector to only include the fresh keys self.bridge_table.blocked_keys = fresh @@ -729,14 +734,13 @@ impl BridgeAuth { .bridge_table .open_inv_keys .iter() - .any(|&x| x.1 + 511 < self.today()) - //Perhaps 511 should be changed to an earlier time + .any(|&x| x.1 + EXPIRY_DATE < self.today()) + //Perhaps EXPIRY_DATE should be changed to an earlier time { - let open_inv_keys_clone = self.bridge_table.open_inv_keys.clone(); // If so, separate them from the fresh open invitation indexes - let (expired, fresh): (Vec<(u32, u32)>, Vec<(u32, u32)>) = open_inv_keys_clone - .into_iter() - .partition(|&x| x.1 + 511 < self.today()); + let (expired, fresh): (Vec<(u32, u32)>, Vec<(u32, u32)>) = self.bridge_table.open_inv_keys + .iter() + .partition(|&x| x.1 + EXPIRY_DATE < self.today()); for item in expired { let new_item = item.0; bdb.remove_openinv(&new_item); diff --git a/crates/lox-library/src/tests.rs b/crates/lox-library/src/tests.rs index 580f4a5..1738242 100644 --- a/crates/lox-library/src/tests.rs +++ b/crates/lox-library/src/tests.rs @@ -729,7 +729,7 @@ fn test_clean_up_open_entry() { BridgeLine::random(), ]; // Add new bridges to trigger bucket cleanup - let _ = th.ba.add_openinv_bridges(bucket, &mut th.bdb); + let _ = th.ba.add_openinv_bridges(bucket, &mut th.bdb); } println!( "The number of trustup migrations after adding 10 new buckets is: {:?}",
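Review bot: The added `.retain(|&k, _| k != new_item)` in hunk `@@ -716` filters the blockage migration table by key only, so an entry whose value refers to the recycled bucket id would survive. Once that id is handed out again from `recycleable_keys`, such an entry would point at an unrelated bucket. The value type of the table is not visible here, so please confirm whether a destination can ever be an expired blocked bucket and, if so, filter on the value as well. For the key side, `self.blockage_migration_table.table.remove(&new_item);` does the same work without scanning the whole map once per expired item. No test visible in this diff asserts that the table drops the bucket after cleanup; one next to `test_clean_up_open_entry` would pin the new behaviour.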